
You can sleep easy in your bed tonight, knowing that the kettle in your kitchen is no longer plotting to take over the world.
That’s what the UK government would have its citizens believe, anyway. On 1 May, it announced plans for – the gadgets and gizmos that together make up the internet of things (IoT).
The legislation, if introduced following a five-week consultation, will introduce a new labelling scheme, meant to assure buyers that any product given the stamp of approval is safe to connect to the internet. The government is proposing that any internet-enabled device that doesn’t display the IoT checkmark couldn’t be sold by UK retailers.
Advertisement
Manufacturers would be able to attain the checkmark by ensuring their devices had a unique password not kept on a default, easy-to-guess factory setting (such as 0000), that they would have a publicly available point of contact to disclose any vulnerabilities found, and that they state how long they will provide software updates to patch any vulnerabilities.
The proposal comes at the right time. In part, the current furore over Chinese firm Huawei’s involvement in the UK’s planned 5G network stems from an envisioned future of internet-enabled consumer gadgets, from kettles to televisions and voice assistants to washing machines. Worldwide, an estimated by 2025.
That’s 75 billion devices that could be hacked to allow someone to siphon off personal data, for example, or to launch malicious attacks such as distributed denial of service (DDoS) attacks that paralyse the internet by flooding it with data.
This danger is very real. In 2016, before the IoT really began to take off, the Mirai botnet attack infected countless devices and turned them against targets in DDoS attacks. Internet security firm McAfee has akin to the Google Home Hub and Amazon Echo. A visit to , a website that trawls the internet looking for internet-facing devices accessible to anyone because they have no security or rely on default passwords, will convince anyone of the merits of tighter regulation.
All very smart, then – up to a point. The biggest flaw in the UK government’s plan is that it is just a sticker. Its presence on devices may help raise awareness of the importance of keeping IoT devices updated to patch vulnerabilities, but experience shows that the average user is unlikely to install every update they are prompted to.
If any government is serious about tackling the problem of leaky IoT devices, it needs to recognise that often the problem is not the devices – it is us. Manufacturers should be compelled to push out
software updates at regular moments. And as much as it might annoy us if we want to sit down with a nice cup of tea and binge-watch Netflix to find the kettle or the TV is updating, they must be things the average user can’t opt out of.
We are inherently lazy people, and generally don’t fully understand or care how technology works, or why its integrity is important. No single label – no matter how shiny – is likely to fix that. Truly trusting the kettle in the next room will require something more.